Use this procedure if your user management engine (UME) uses SAP NetWeaver Application Server (AS) ABAP as the data source, but you have an LDAP directory with information you want to use, such as the following:
● User logon ID
● User password
● Group membership
You can also use this procedure if you have an existing AS ABAP synchronized with a directory service and you want to add an AS Java to the landscape.
Users log on to the AS Java using the password stored in the directory service, even though the AS ABAP is the data source for the AS Java. If necessary, the AS ABAP synchronizes its user data with the directory service. The figure below illustrates this system landscape.
Users logged into the AS Java cannot access content in the AS ABAP. To enable logon to the AS ABAP, enable Single Sign-On with logon tickets and enable logon ticket support for the AS ABAP.
More information: Adding an ABAP System to Your System Landscape.
● This procedure requires you to restart the AS Java. Plan for the required down time while the AS Java restarts.
● You have configured the UME to use an SAP NetWeaver AS ABAP 7.10 and higher as the data source with the data source configuration file dataSourceConfiguration_abap.xml.
More information: SAP NetWeaver AS ABAP User Management as Data Source.
1. Configure directory service synchronization for the AS ABAP.
More information: Configuring Connection Data for the Directory Service.
2. Determine if you need to customize the directory service configuration file.
The directory service configuration file governs the configuration between the AS Java and the directory service. If your directory service configuration demands it, you can customize the configuration. For example, if you want to support a deep hierarchy or Secure Sockets Layer (SSL).
We recommend you use the standard configuration files whenever possible. To configure SSL between the UME and the directory service, you must customize the directory service configuration file. The directory service configuration for the Microsoft directory service supports SSL by default.
More information: Customizing a Directory Service Configuration File.
Do not use the data source configuration files for directory services or attempt to configure the directory service connection from the UME configuration user interface.
3. Configure the UME for LDAP integration for the AS ABAP data source.
a. Start UME configuration.
More information: Configuring User Management.
b. On the ABAP System tab page, select the LDAP Integration Enabled checkbox.
c. Enter the required data.
The table below lists the configuration settings for LDAP integration with an AS ABAP data source.
Configuration Settings for LDAP Integration
LDAP Server ID
Select from the LDAP directory servers configured for directory service synchronization.
LDAP Server Password
Enter the password used by the communications user in the ABAP system for directory server. Choose the Refresh pushbutton to display the name of the user in the LDAP Server User field.
LDAP Logon Attribute
Indicates the mapped attribute set with the Filter indicator.
More information: Setting Mapping Indicators.
You can enter a different directory attribute with the logon ID for users.
d. Choose the Validate Configuration pushbutton.
If the test fails, check the connection parameters a try again.
e. Save your entries.
4. Restart the AS Java.
The UME first checks in the directory service for the user, identifying the user by the logon attribute selected in the AS ABAP configuration for the directory service synchronization.
● If the UME finds the user and successfully authenticates him or her, the UME compares the last modification date in the directory service and in the AS ABAP. If the dates differ, the UME triggers a synchronization of that user’s data between the directory service and the AS ABAP.
● If the UME cannot find the user in the directory service, it searches for the user in the user management of the AS ABAP and the database of the AS Java.